FusionAuth

    Password confirmation for authenticated users

      pacheco.eaguiar

      Hello everyone!

      I'm integrating an application-specific API with a shared FusionAuth server. We've successfully integrated the authentication system; the only missing piece is the password confirmation on risky features, for example:

      • A user wants to delete some dangerous data;
      • User is authenticated (JWT) and does have all required permissions;
      • We want a password confirmation to improve user experience with the risky action.

      As described in the above scenario, there is no need for a full authentication process, like issuing a new JWT. We would like just to prompt a password confirmation and validate it with FusionAuth.

      As an alternative, we are currently duplicating the user password on our local database. As the main App doesn't have a "password update" feature yet, we just need to store the hashed value during creation. But that will change in the near future and we'd need to keep the password hashes in sync, not to mention that it is not a good practice to keep the hash outside of FA.

      What are your thoughts and suggestions on the matter?

      Have a great day ☀

        maciej.wisniowski Power User @pacheco.eaguiar

        @pacheco-eaguiar maybe you can use the Login API in the backend to verify the user's credentials: https://fusionauth.io/docs/apis/login

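
The backend check suggested in the reply above, as an added example that is not part of the thread and not FusionAuth's own code. Assumptions: `FA_URL`, `FA_API_KEY` and `APP_ID` are placeholders, the already-validated JWT carries `sub` and `email` claims, and the Login API request uses the `noJWT` field so that no new token is issued; status codes are those listed in the linked Login API docs.

```python
import json
import urllib.error
import urllib.request

# Placeholders (assumptions), not values from the thread.
FA_URL = "https://auth.example.com"
FA_API_KEY = "<API_KEY>"
APP_ID = "<APPLICATION_ID>"


def http_post(url, headers, body):
    """POST JSON, return (status, parsed_body). Transport errors return status 0."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else {})
    except urllib.error.HTTPError as err:
        return err.code, {}
    except urllib.error.URLError:
        return 0, {}


def confirm_password(jwt_claims, password, post=http_post):
    """Re-check the password of the user named in an already-verified JWT.

    jwt_claims must come from the validated access token, never from the
    request body, so one user cannot confirm with another user's password.
    """
    login_id = jwt_claims.get("email")
    user_id = jwt_claims.get("sub")
    if not login_id or not user_id or not password:
        return False
    status, body = post(
        f"{FA_URL}/api/login",
        {"Authorization": FA_API_KEY, "Content-Type": "application/json"},
        {"loginId": login_id, "password": password,
         "applicationId": APP_ID, "noJWT": True},
    )
    # 200 = authenticated; 202 = authenticated but not registered for APP_ID.
    # Anything else (404 bad credentials, 242 two-factor pending, 423 locked,
    # transport failure) is treated as "not confirmed": fail closed.
    if status not in (200, 202):
        return False
    # The account FusionAuth authenticated must be the JWT's subject.
    return body.get("user", {}).get("id") == user_id
```

Failed confirmations count as failed logins on the FusionAuth side, so the risky endpoint should be rate limited per user like a login form.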